Reader Reviews

Chris Shiflett has definitely created a masterpiece that I personally
believe only he is capable of. His experience and precise, easy-to-read
manner of writing are unparalleled when it comes to PHP security.

This book will definitely be a long-term desktop reference for me and
mandatory reading for all the PHP developers in my work place.

This is nothing short of a seminal work on web application security
as it applies specifically to PHP. I intend to make it required reading
in my department and recommend it highly to colleagues in other companies
developing web applications in PHP.

Chris has created a very concise and easy-to-read guide to web application security.

For anyone who's ever attended one of Chris's talks on PHP security, this is the
ultimate companion. For those who haven't had the privilege of sitting in on his talks,
this book is everything that you're missing.

For me, the book shed a huge light on a subject that is often talked about, but
most of the time not really understood, and often deliberately and completely ignored.
Now if you'll excuse me, I've got some glaring security holes to fix.

This book is well written, and even difficult topics are explained in an
easy-to-understand way. So, if you want to get a deeper understanding of PHP and
security, this book is what you need to get your hands on.

Of late, there have been numerous instances of attacks on
PHP applications because of the use of insecure code. This is
where Essential PHP Security comes in.

Using simple language, the book comes to the point directly
without wasting your time and obscuring details. It is pretty
evident to the reader on what applies to him and what does not.
There are code examples to explain how attacks can be carried
out and how to protect against them.

I discovered a couple of new tricks and gained some further insight on securing web applications in general.

The bottom line is that this book gives a very good overview on how to make your PHP applications more secure and provides some interesting examples of different types of potential attacks against your web application.

If anyone is well-suited to writing such a work, it is Chris Shiflett, a well-known authority on PHP security, a respected contributor to the PHP community, founder and spokesman of the PHP Security Consortium, and founder and President of Brain Bulb, a PHP consulting firm.

Any PHP developer would be wise to begin with this book as a first step towards PHP security mastery.